Table of Contents
As you may have noticed, MalwareBytes or MBAM, is used in a lot of our removal
guides. We do this for no reason other than the fact that the program simply
works well and that we can count on it to remove what it says it can. It is
updated constantly throughout the day and has excellent protection on all the
new malware that comes out. With that said, we feel that MalwareBytes is an
important tool to have as part of your computer's security arsenal. One of the
program's nicest features is that it is free and easy to use. For those, who
may want more advanced features you can purchase
the commercial full version to get real-time protection that will protect
you from being infected in the first place. The guide below will walk you through
installing, configuring, and scanning your computer with Malwarebytes Anti-Malware.
- Print out these instructions as we will need to close every window that
is open later in the fix.
- Download Malwarebytes Anti-Malware, or MBAM, from the following location
and save it to your desktop:
Malwarebytes' Anti-Malware Download Link (Download page will open in a new window)
- Once downloaded, close all programs and Windows on your computer, including
- Double-click on the icon named mbam-setup.exe that should located on your desktop.
This will start the installation of MBAM onto your computer.
- When the installation begins, keep following the prompts in order to continue
with the installation process. Do not make any changes to default settings
and when the program has finished installing, make sure you leave Launch
Malwarebytes Anti-Malware checked. Then click on the Finish button. If MalwareBytes prompts you to reboot, please do not do so.
- MBAM will now start and you will be at the main screen as shown below.
Please click on the Scan Now button to start the scan.
- If there is an update available for Malwarebytes, the program will automatically download it before performing the scan.
- MBAM will now start scanning your computer for malware. This process can
take quite a while, so we suggest you go and do something else and periodically
check on the status of the scan. While the program is scanning, it will display the amount of malware or other undesirables that it has found. An example screen showing the scanning process can be found below.
If you wish to see what infections were detected while it is performing the scan, you can click on the Review Detected Items link.
- When MBAM is finished scanning it will display a screen that displays any malware that it has detected. Please note that the infections found may be different
than what is shown in the image below.
You should now click on the Apply Actions button to remove all the listed malware. MBAM will now delete all of the files and registry keys and add them to the program's quarantine. When removing the files, MBAM may require a reboot in order to remove some of them. If it displays a message stating that it needs to reboot, as shown below, please click on the Yes button to allow it to do so.
- Once your computer has rebooted you can start Malwarebytes again and click on the History button to see a list of the malware that was removed and quarantined.
- You can now exit the MBAM program.
Hopefully your computer should now be clean of any infections that may have been present. If your current anti-virus solution let this infection through, you may want to consider purchasing the PRO version of Malwarebytes Anti-Malware to protect against these types of threats in the future.
Below are some common errors you may run into when attempting to use Malwarebytes' Anti-Malware.
Malwarebytes' setup program closes when you attempt to install it.
If you attempt to install Malwarebytes' and the setup program automatically closes then there is a good chance that you have an infection that is trying to stop the program from installing. To get around this, try renaming mbam-setup.exe to other names like:
After each rename, try and run the program again. If that does not work, then
you may to download and run Rkill to terminate the malware
processes that are stopping you.
Malwarebytes' wont start
If you attempt to run Malwarebytes' and it does not start then there is a good chance that you have an infection that is trying to stop the program from running. To get around this, try renaming C:\program files\Malwarebytes Anti-Malware\mbam.exe to other names like:
After each rename, try and run mbam.exe again. If that does not work, then you may to download and run Rkill to terminate the malware processes that are stopping you.
If you receive an Error 732 when trying to update MBAM it could be because you do not currently have an Internet connection or a malware has changed your connection settings so that you are using a proxy server. To make sure your connection has not been set to use a proxy server, please do the following steps:
- Please start Internet Explorer, and when the program is open, click on the
Tools menu and then select Internet Options
as shown in the image below.
- You should now be in the Internet Options screen as shown in the image below.
Now click on the Connections tab as designated by the blue arrow above.
- You will now be at the Connections tab as shown by the image below.
Now click on the Lan Settings button as designated by the blue arrow above.
- You will now be at the Local Area Network (LAN) settings screen as shown
by the image below.
Under the Proxy Server section, please uncheck the checkbox labeled Use a proxy server for your LAN. Then press the OK button to close this screen. Then press the OK button to close the Internet Options screen. Now that you have disabled the proxy server you will be able to browse the web again with Internet Explorer.
Now try and update MBAM again.
How to manually update Malwarebytes' Malware Definitions
Malware may sometimes block Malwarebytes from updating its definitions in order to protect itself. If you are having issues updating and have already tried disabling any proxy servers, you can instead update the definitions manually. To do this simply copy the following files onto a USB key from a working computer that has MBAM installed and transfer them to the infected one.
Windows XP and 2000:
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\rules.ref
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\actions.ref
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\swissarmy.ref
C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Configuration\database.conf
Windows Vista and Windows 7:
Once the above files are copied onto a USB key, please copy them to the same folders on the infected computer.
If you do not have another computer available, then you can download a self-installing rules file from the following URL. Please note that this method will install definitions that are older than the latest ones:
Error Code 2 when installing MBAM
If you receive an Error 2 when installing MBAM then a core executable was deleted by a malware running on your computer. To fix this we will first need to download a randomized version of mbam.exe and save it to the C:\program files\Malwarebytes' Anti-Malware\ folder. We can then run that random named executable to start Malwarebytes' and scan your computer. To do this follow these steps:
- If you receive a code 2 error while installing Malwarebytes's, please press
the OK button to close these errors as we will resolve them
in future steps. The code 2 error will look similar to the image below.
- As this infection deletes a core executable of Malwarebytes' we will need
to download a new copy of it and put it in the C:\program files\Malwarebytes'
Anti-Malware\ folder. To download the file please click on the following
- Once the file has been downloaded, open the C:\program files\Malwarebytes'
Anti-Malware\ folder and double-click on the file you downloaded
in step 2.
Now that MBAM is running, please update the program and scan your computer like normal.
If all of these steps do not work, then you can download, or copy from a clean computer, the Rkill program and run it on the infected computer. Rkill will then try and terminate the infections that may be stopping you from installing MalwareBytes'. You can download Rkill and renamed versions from the following download link:
When downloading Rkill, I suggest you download and try the iExplore.exe version first. Once Rkill runs, it will create a log of what applications were terminated. You can then attempt to start the installation of MalwareBytes or start the program again.
For more detailed troubleshooting information, please see this topic at the Malwarebytes' site.
02/16/10 - Tutorial created.
07/17/13 - Updated images to newest version.
07/22/14 - Updated for version 2.0
07/29/14 - Updated manual def update instructions.